On Sat, 2014-04-05 at 16:52 +0000, Elmar Stellnberger wrote: > Am 05.04.2014 15:23, schrieb Patrick Schleizer: > >> As Debian package headers do not use to be signed > > I think you are mistaken here or maybe I misunderstand. When you have a > > Debian medium you trust (such as a Live DVD from a trusted source), we > > can regard keys in /etc/apt/trusted.gpg.d/ and /etc/apt/trusted.gpg as > > trusted. > > For example http://ftp.us.debian.org/debian/dists/jessie/InRelease and > > http://ftp.us.debian.org/debian/dists/jessie/Release.gpg are gpg signed > > by the Debian archive key. > Ah, many thanks for that advice. I had just looked at the Release file > which was and still is not signed (am I right?! - have just checked this > file).
As the message you quoted says, there's a detached signature available in the same location. Regards, Adam -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
